upgrade to 1.20

2021-12-25 11:24:58 +08:00 · 2021-12-25 11:24:58 +08:00 · 16c9a42320
commit 16c9a42320
parent 0ef413b699
4 changed files with 6 additions and 44 deletions
--- a/Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
+++ b/Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
@ -1,41 +0,0 @@
-From 8cfc4916736280dd76655fdef5b78331bfac414d Mon Sep 17 00:00:00 2001
-From: Tony Cook <tony@develop-help.com>
-Date: Wed, 27 Jul 2016 14:04:59 +1000
-Subject: [PATCH] CVE-2016-1238: prevent loading optional modules from default
- .
-
-Digest attempts to load Digest::SHA, only failing if Digest::SHA2
-is also unavailable.
-
-If a system has Digest installed, but not Digest::SHA, and a user
-attempts to run a program using Digest with SHA-256 from a world
-writable directory such as /tmp and since perl adds "." to the end
-of @INC an attacker can run code as the original user by creating
-/tmp/Digest/SHA.pm.
-
-The change temporarily removes the default "." entry from the end of
-@INC preventing that attack.
---
- Digest.pm | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/Digest.pm b/Digest.pm
-index 2ae6eec..c75649f 100644
--- a/Digest.pm
-+++ b/Digest.pm
-@@ -42,7 +42,11 @@ sub new
-         unless (exists ${"$class\::"}{"VERSION"}) {
-             my $pm_file = $class . ".pm";
-             $pm_file =~ s{::}{/}g;
-            eval { require $pm_file };
-+            eval {
-+                local @INC = @INC;
-+                pop @INC if $INC[-1] eq '.';
-+                require $pm_file;
-+            };
-             if ($@) {
-                 $err ||= $@;
-                 next;
-- 
-2.1.4
-
--- a/Digest-1.17.tar.gz
+++ b/Digest-1.17.tar.gz
--- a/Digest-1.20.tar.gz
+++ b/Digest-1.20.tar.gz
--- a/perl-Digest.spec
+++ b/perl-Digest.spec
@ -1,11 +1,11 @@
 Name:           perl-Digest
-Version:        1.17
-Release:        419
+Version:        1.20
+Release:        1
 Summary:        Modules that calculate message digests
 License:        GPL+ or Artistic
 URL:            https://metacpan.org/release/Digest
 Source0:        https://cpan.metacpan.org/authors/id/G/GA/GAAS/Digest-%{version}.tar.gz
-Patch0001:      Digest-0.17-CVE-2016-1238-prevent-loading-optional-modules-from-.patch
+
 BuildArch:      noarch
 BuildRequires:  coreutils findutils make perl-interpreter perl-generators perl(Carp) perl(Exporter) perl(ExtUtils::MakeMaker) perl(MIME::Base64)
 BuildRequires:  perl(lib) perl(Test::More)
@ -43,6 +43,9 @@ make test
 %{_mandir}/*/*

 %changelog
+* Sat Dec 25 2021 tianwei <tianwei12@huawei.com> - 1.20-1
+- Upgrade to 1.20
+
 * Sun Sep 29 2019 yefei <yefei25@huawei.com> - 1.17-419
 - Type:enhancement
 - ID:NA